The Internet of Things presents new vectors for payments – and fraud

In early March 2016, the Mobile World Congress met in Barcelona. Interestingly, the main topic on everyone’s minds wasn’t any sort of device or type of hardware. Despite the successes of the Apple Watch and other smartwatches, it seemed like all the talk focused on the Internet of Things. Especially in the field of commerce, the potential of IoT may appear in the coming months and years as a way to pay for various goods, which can liven up retail.

However, this unique and exciting way for retailers and card issuers to interact with consumers presents heavy risks. As much as it is a new means of payment, IoT opens up opportunities for criminals to defraud banks, stores and customers. Card issuers should pay attention to the potential dangers as this new technology develops in the near future.

Card networks expand payment vectors The most significant development regarding IoT and payments at Barcelona surprisingly came from one of the leading card networks. As reported by Engadget, Visa announced plans regarding digital wallet payments called Visa Ready, enabling consumers to pay for anything without ever needing to pull out their wallets, assuming they even need them. This takes transactions a step further than with mobile devices such as smartphones. It does this by incorporating technology, often as software within the equipment’s computer, that would connect to payment processing networks through either near-field communication or Bluetooth.

All of these devices could help consumers pay for goods.

Visa demonstrated the new technology in the form of a prototype Honda vehicle. The first example showed the automobile warning the driver about low fuel, directing him or her to the nearest gas station. When the person arrives, he or she can pay for the gas while still in the car using the dashboard console. Finally, this person gets out of the car to fill up the tank. While figuring out payment, the driver can also decide to purchase items in the convenience store next to the pump without needing to go up to the cash register.

The second demonstration involved parking and was much simpler: Once a car enters parking mode, it will track the open space on a local map, then help the driver make a payment while entering the space after showing some options. When the meter runs low, a companion app will notify the driver, offering him or her the option of paying more into the meter without having to go back to the space. These features will expand to such items as wearable electronics, household appliances and even clothing.

MasterCard, in an article for Mashable, offered similar options with its Commerce for Every Device program. Instead of just focusing on one device or series of items, the card issuer wants to make it possible for any item to have payment capacities through IoT. This presents a variety of opportunities for consumers to pay.

New places to pay and attack Of course, the risk of using these different vectors as sources of attack is high. By implementing mobile wallets in computers on vehicles and household appliances, it will make them far more appealing targets for attack. While card issuers and banks may not feel any direct impact for the most part, there is the possibility of a consumer’s devices being silently taken over, enabling data scraping and other severe vulnerabilities. Institutions should pay close attention to developments in this field and at least assess any payments that would come from these devices with greater degree of scrutiny. For example, payments coming from a consumer’s refrigerator should primarily be for food or drink items.

Because of the connection to the cloud, security will have to focus on that front. Mobile Payments Today noted information security firm Rambus would expand its cryptographic functionality to include in-field provisioning. This enables device ID credentials to exist not only on the chips that interact during the transaction, but also in the cloud. Such a measure could make it easier to verify transactions so that chargebacks don’t occur among other fraudulent tactics. Combining this concept with anti-fraud systems can help companies assess whether transactions coming from these various devices are legitimate. It’s much easier for businesses to fight fraud as consumers become more connected.